Hmm... I didn't know which board to put this on, but anyway.
I am having trouble updating snort on Ubuntu Lucid. It seems that there is one line in the config file that prevents snort from starting up in daemon mode.
Code:
# database: log to a variety of databases
# ---------------------------------------
# See the README.database file for more information about configuring
# and using this plugin.
#
output database: log, mysql, user=snortuser password=monkeyb0i dbname=snortdb host=localhost
# output database: alert, postgresql, user=snort dbname=snort
# output database: log, odbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort password=test
# output database: log, oracle, dbname=snort user=snort password=test
# <debian>
# Keep your paws off of these (#DBSTART#) and (#DBEND#) tokens
# or you *will* break the configure process (snort-pgsql/snort-mysql only)
# Anything you put between them will be removed on (re)configure.
#
# (#DBSTART#)
output database: log, mysql,
# (#DBEND#)
#
# </debian>
#
If I remove that line I can update no problem, but when I issue an apt dist-upgrade, that particular line is re-added and, for some reason, the installation process is unable to finish.
Quote:
root@lame:/var/log# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0B of additional disk space will be used.
Do you want to continue [Y/n]? y
Setting up snort-mysql (2.8.5.2-2build1) ...
* Stopping Network Intrusion Detection System snort
* No running snort instance found
* Starting Network Intrusion Detection System snort [fail]
invoke-rc.d: initscript snort, action "start" failed.
dpkg: error processing snort-mysql (--configure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
snort-mysql
E: Sub-process /usr/bin/dpkg returned an error code (1)
The error indicates that something is wrong in the database configuration. Dumb question, but do you have the properly configured MySQL databases for snort? In other words, do you have a database named snortdb, and a user, snortuser, with suitable permissions and a valid password on that database?
Running dpkg --reconfigure on snort should allow you to go through the setup process again if you don't.
I would also search on Ubuntuforums.org in their security section. Bodhi Zazen has written some excellent how-to documents on installing snort under Ubuntu. There is a newer version that uses the snort in the repositories and then there is the older version where you compiled snort manually from source (before it had MySQL capability).
Yeah, I do have it configured correctly. Like I said before, it runs fine as long as I don't attempt to update it. When I try to update it, that line is added to the config file, which breaks the installation. I have to remove it every time before it will run.
There is no --reconfigure for dpkg, just --configure.
Code:
dpkg --help | grep -i reconfigure
Outputs nothing.
Running --configure spits out the following.
Quote:
$ dpkg --configure snort-mysql
Setting up snort-mysql (2.8.5.2-2build1) ...
* Stopping Network Intrusion Detection System snort
* No running snort instance found
* Starting Network Intrusion Detection System snort [fail]
invoke-rc.d: initscript snort, action "start" failed.
dpkg: error processing snort-mysql (--configure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
snort-mysql
Like I said, it runs fine if I remove that line from the config. It says specifically to run --reconfigure (which doesn't exist) and when I run --configure, it's broken.
I apologize for the mistake on the reconfigure command. It has been a long time since I have used it. It is 'dpkg-reconfigure' not dpkg --reconfigure. In other words, the command is dpkg-reconfigure, not --reconfigure being an option of dpkg.
If you haven't already, try reading the documentation in my earlier post (link). It also looks like there is an Ubuntu-specific installation guide. One of the things listed that may be related to your issue is that it looks like the line should read (with appropriate values filled in):
Code:
output database: log, mysql, dbname=snort user=snortusr host=localhost
However, the warning says that this line will be automatically updated. Consequently, there is probably something that needs to be modified in one of the configuration files.
Personally, I use the earlier version where I compiled it from source rather than using the repository edition. The downside is that you won't get the automatic updates with the repositories, but I think it helps avoid some of these issues. There was also a change recently that impacted the Base PHP viewer. I can't recall all the details, but there is/was a version incompatibility I think with the PHP and graphing libraries. Just something to watch out for.
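The failure discussed in this thread comes down to an `output database` directive with no parameters inside the package-managed `(#DBSTART#)`/`(#DBEND#)` block. As an added example (not code from any poster or from the snort package), the shell function below lists every active directive in a snort.conf and flags the unusable ones; the function names, the sample values and the rule that a usable directive needs at least `dbname=` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Lints active "output database"
# directives in a Debian/Ubuntu snort.conf.
# Output per directive: <line> <OK|EMPTY|NO_DBNAME> <managed|manual>
# "managed" = inside the (#DBSTART#)/(#DBEND#) block rewritten on (re)configure.
# Assumption: a usable directive carries at least dbname=.
check_output_db() {
    awk '
        # Only a comment line holding just the token opens or closes the
        # block; the warning comment that mentions both tokens must not.
        /^[ \t]*#[ \t]*\(#DBSTART#\)[ \t]*$/ { managed = 1; next }
        /^[ \t]*#[ \t]*\(#DBEND#\)[ \t]*$/   { managed = 0; next }
        /^[ \t]*#/ { next }                  # commented-out examples
        /^[ \t]*output[ \t]+database:/ {
            rest = $0
            sub(/^[ \t]*output[ \t]+database:/, "", rest)
            n = split(rest, f, ",")          # type, dbms, parameter list
            params = (n >= 3) ? f[3] : ""
            gsub(/^[ \t]+|[ \t]+$/, "", params)
            if (params == "")                      status = "EMPTY"
            else if (params !~ /(^|[ \t])dbname=/) status = "NO_DBNAME"
            else                                   status = "OK"
            if (status != "OK") bad = 1
            printf "%d %s %s\n", NR, status, (managed ? "managed" : "manual")
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample reproducing the layout quoted in the first post
# (credentials replaced with placeholders).
write_sample() {
    cat > "$1" <<'EOF'
output database: log, mysql, user=EXAMPLE password=EXAMPLE dbname=EXAMPLE host=localhost
# output database: alert, postgresql, user=snort dbname=snort
# Keep your paws off of these (#DBSTART#) and (#DBEND#) tokens
# (#DBSTART#)
output database: log, mysql,
# (#DBEND#)
EOF
}

sample=$(mktemp)
write_sample "$sample"
check_output_db "$sample" || echo "incomplete output database directive found"
rm -f "$sample"
```

A `managed` hit means the line will come back on the next (re)configure, so hand-editing it out of snort.conf only lasts until the package is configured again.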